CVEbaza.plCWE DictionaryCWE-1236
Common Weakness Enumeration

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

Category: BaseCVE: 341
Description

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

CVE vulnerabilities with CWE-1236 (341)
9.8
CVSS
CRITICAL
CVE-2026-31049

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field

pub. 2026-04-14
9.8
CVSS
CRITICAL
CVE-2025-56267

A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.

pub. 2025-09-08
9.8
CVSS
CRITICAL
CVE-2023-47295

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.

pub. 2025-06-23
9.8
CVSS
CRITICAL
CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

pub. 2025-03-03
9.8
CVSS
CRITICAL
CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.

pub. 2025-01-23
9.8
CVSS
CRITICAL
CVE-2023-46401

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.

pub. 2025-01-23
9.8
CVSS
CRITICAL
CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

pub. 2024-04-04
9.8
CVSS
CRITICAL
CVE-2023-51763

csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.

pub. 2023-12-24
9.8
CVSS
CRITICAL
CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

pub. 2023-09-06
9.8
CVSS
CRITICAL
CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

pub. 2023-07-31
9.8
CVSS
CRITICAL
CVE-2022-3574

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.

pub. 2022-11-14
9.8
CVSS
CRITICAL
CVE-2022-3463

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

pub. 2022-11-07
9.8
CVSS
CRITICAL
CVE-2022-22425

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."

pub. 2022-11-03
9.8
CVSS
CRITICAL
CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection

pub. 2022-10-25
9.8
CVSS
CRITICAL
CVE-2022-28481

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

pub. 2022-05-01
9.8
CVSS
CRITICAL
CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

pub. 2022-04-12
9.8
CVSS
CRITICAL
CVE-2022-26249

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.

pub. 2022-03-24
9.8
CVSS
CRITICAL
CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.

pub. 2021-10-12
9.8
CVSS
CRITICAL
CVE-2021-3188

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

pub. 2021-01-26
9.8
CVSS
CRITICAL
CVE-2020-22274

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.

pub. 2020-11-04
Showing 20 of 341 vulnerabilities
Information
ID: CWE-1236
Type: Base
Vulnerabilities: 341
MITRE CWE ↗
← CWE Dictionary